


PATENT APPLICATION 
Express Mail Label No. EL436467422US 
Attorney Docket No. OR99-17401 






IN THE UNITED STATES PATENT AND TRADEMARK OFFICE 



UTILITY PATENT 
APPLICATION TRANSMITTAL LETTER 










Asst. Commissioner for Patents 
Box Patent Application 
Washington, D.C. 20231 



Sir: 



Enclosed for filing is an [X] original patent application or, [ ] a continuation-in-part
patent application, by inventor(s) Vipin Samar, entitled METHOD AND APPARATUS FOR
SHARING A SECURE CONNECTION BETWEEN A CLIENT AND MULTIPLE SERVER NODES.

No. of pages in Specification: 24; No. of Claims: 35



Also enclosed are:

[ ] a claim for foreign priority under 35 U.S.C. §§ 119 and/or 365 in
    [ ] a separate document [ ] the declaration;
[ ] a certified copy of the priority document;
[ ] an Associate Power of Attorney;
[ ] verified statement(s) claiming small entity status;
[X] a Combined Declaration and Power of Attorney of the inventor(s);
[ ] a signed Combined Declaration and Power of Attorney of the inventors will follow;
[X] an Assignment document and form PTO-1595;
[X] a Power of Attorney by Assignee; and
[ ] Information Disclosure Statement and Form PTO-1449.



No. of Sheets of Drawings:  Formal: 4  Informal: 0






The fee has been calculated as follows:

CLAIMS                        NO. OF CLAIMS    EXTRA CLAIMS    RATE        FEE
Basic Application Fee
Total Claims                  35 MINUS 20 =    15              $18.00 =    $270.00
Independent Claims            6 MINUS 3 =      3               $78.00 =
If multiple dependent claims are presented, add $260.00                    0
Total Application Fee                                                      $1,194.00
If verified statement claiming small entity status is enclosed,
subtract 50% of Total Application Fee
Add Recording Fee of $40.00 if Assignment document is enclosed             $40.00
TOTAL APPLICATION FEE DUE                                                  $1,234.00



[X] A check in the amount of $1,234.00 is enclosed.
[ ] Application fee will follow with missing parts.

[X] Please deduct any underpayments or credit any overpayments to Deposit Account Number
50-1003.



Please direct all correspondence concerning the above-identified application to the following
address:

A. Richard Park 
Park & Vaughan LLP 
508 Second Street, Suite 201 
Davis, CA 95616 
(530) 759-1661 

Respectfully submitted, 




A. Richard Park 
Registration No. 41,241 

Date: March 30, 2000 






"Express Mail" Mailing Label No. EL436467422US 

PATENT APPLICATION 
ATTORNEY DOCKET NO. OR99-17401 



METHOD AND APPARATUS FOR SHARING A SECURE CONNECTION BETWEEN A CLIENT
AND MULTIPLE SERVERS

Inventor(s): Vipin Samar

BACKGROUND 

Field of the Invention 

The present invention relates to connections between computer systems
established across computer networks. More specifically, the present invention
relates to a method and an apparatus for sharing a single secure connection with a
client computer system between multiple servers, so that each of the multiple
servers does not have to separately establish a secure connection with the client
computing system.

Related Art 

The advent of computer networks has led to an explosion in the
development of applications that facilitate rapid communication of information
between computer systems.

One problem with sending information across computer networks is that it
is hard to ensure that sensitive information is kept confidential. This is because a
message containing sensitive information can potentially traverse many different
computer networks, and many different computer systems, before it arrives at its
ultimate destination. An adversary can potentially intercept a message at any of
these intermediate points along the way.

One way to remedy this problem is to "encrypt" sensitive data using an
encryption key so that only someone who possesses a corresponding decryption
key can decrypt the data. (Note that for commonly used symmetric encryption
mechanisms the encryption key and the decryption key are the same key.) For
example, a person sending sensitive data across a computer network can encrypt
the sensitive data using the encryption key before it is sent across a computer
network. At the other end, a recipient of the data can use the corresponding
decryption key to decrypt the data.

A number of protocols, such as the secure sockets layer (SSL) protocol,
have been developed to establish secure communication channels across computer
networks. The SSL protocol uses encryption and authentication techniques to
ensure communications between a client and a server remain private. In
establishing an SSL connection (or session) between a client and a server, the client
and the server exchange a number of messages that: authenticate the server to the
client (through use of a digital certificate); allow the client and the server to select
cryptographic mechanisms that they both support; authenticate the client to the
server (optional); use public-key encryption techniques to securely exchange
shared secrets; and establish an encrypted SSL connection.

Unfortunately, there is presently no way to share the same SSL session
across multiple servers within the same trusted web domain. Hence, applications
must set up and maintain a separate SSL connection on each server, which can
greatly degrade scalability of the system.

Each secure SSL session can take anywhere between one half second and
one second to establish. This is an enormously large time in comparison to the
time required to establish a web connection of about 10-20 ms. Web sites
currently solve this performance problem in a number of ways: by deploying large
amounts of computational hardware; by limiting a service to few subscribers; by
hosting all security sensitive applications on the same machine; or by relaxing
the security requirements on most of the web pages.

None of these solutions are acceptable for electronic commerce
applications that require secure, scalable and modular systems in order to handle
large volumes of traffic. For example, a medium-to-large electronic commerce
site typically has a separate billing server, a separate account management server,
a separate order server, and a separate customer management server.
Furthermore, multiple instances of each of these servers may exist for load
balancing and high availability purposes.

Aside from the performance problems arising from establishing secure
connections, simply maintaining a public key infrastructure (PKI) revocation and
authorization policy on every server can also create significant administration
problems.

What is needed is a method and an apparatus that allows sharing of an 
established secure communication session across multiple servers. 

SUMMARY 

One embodiment of the present invention provides a system for sharing a
secure communication session with a client between a plurality of servers. The
system operates by receiving a message from the client at a first server. This
message includes a session identifier, which identifies a secure communication
session with the client. If the session identifier does not correspond to an active
secure communication session on the first server, the first server establishes an
active secure communication session with the client by attempting to retrieve
security state information from a second server, which has an active secure
communication session with the client. If the first server is able to retrieve this
security state information, the first server uses this state information to establish
the active secure communication session with the client without having to
communicate with the client. If the first server is not able to retrieve this state
information, the first server communicates with the client to establish the secure
communication session with the client.

In one embodiment of the present invention, the system attempts to 
retrieve the state information by attempting to use the session identifier to identify 
the second server, which had an active secure communication session with the 
client. If such a second server is identified, the system attempts to retrieve the 
state information from the second server. 

In one embodiment of the present invention, the system attempts to 
retrieve the state information from a centralized repository that is in 
communication with the plurality of servers. In a variation on this embodiment, 
the centralized repository includes a database for storing the state information. 

In one embodiment of the present invention, the active secure 
communication session is a secure sockets layer (SSL) connection with the client. 

In one embodiment of the present invention, the state information includes
a session encryption key for the secure communication session, the session
identifier for the secure communication session, and a running message digest for
the secure communication session. In a variation on this embodiment, the system
additionally uses the message to update the running message digest, and
checkpoints the updated running message digest to a location outside of the first
server.

In one embodiment of the present invention, if the state information for the
active secure communication session is retrieved, the system purges the state
information from a location from which the state information was retrieved, so
that the state information cannot be subsequently retrieved by another server.

One embodiment of the present invention provides a system for sharing a
secure communication session between a plurality of servers. This system
operates by sending a message (including a session identifier) from a client to a
first server, which has no active secure communication session with the client.
Next, the system receives a response to the message from the first server. If the
response indicates that no active secure communication session has been created
with the client on the first server, the system communicates with the first server to
establish an active secure communication session.

In one embodiment of the present invention, the client sends the message
to the first server only if an active secure communication session is held by a
second server, wherein the second server has an address that is related to the
address of the first server.

Hence, the present invention allows for sharing of secure communication
sessions (such as SSL sessions) across multiple servers, and thereby improves
system scalability and performance.

BRIEF DESCRIPTION OF THE FIGURES 

FIG. 1 illustrates a client in communication with a plurality of servers
across a computer network in accordance with an embodiment of the present
invention.

FIG. 2 illustrates the structure of state information for a secure
communication session in accordance with an embodiment of the present
invention.

FIG. 3 is a flow chart illustrating how a client communicates with a server
in accordance with an embodiment of the present invention.

FIG. 4 is a flow chart illustrating how a server sets up and maintains a new 
secure communication session in accordance with an embodiment of the present 
invention. 

FIG. 5 is a flow chart illustrating how a server configures itself to use an
existing secure communication session on another server in accordance with an
embodiment of the present invention.

FIG. 6 is a flow chart illustrating how a server or other repository forwards 
communication session state information to a requesting server in accordance with 
an embodiment of the present invention. 


DETAILED DESCRIPTION 

The following description is presented to enable any person skilled in the
art to make and use the invention, and is provided in the context of a particular
application and its requirements. Various modifications to the disclosed
embodiments will be readily apparent to those skilled in the art, and the general
principles defined herein may be applied to other embodiments and applications
without departing from the spirit and scope of the present invention. Thus, the
present invention is not intended to be limited to the embodiments shown, but is
to be accorded the widest scope consistent with the principles and features
disclosed herein.

The data structures and code described in this detailed description are
typically stored on a computer readable storage medium, which may be any device
or medium that can store code and/or data for use by a computer system. This
includes, but is not limited to, magnetic and optical storage devices such as disk
drives, magnetic tape, CDs (compact discs) and DVDs (digital video discs), and
computer instruction signals embodied in a transmission medium (with or without
a carrier wave upon which the signals are modulated). For example, the
transmission medium may include a communications network, such as the
Internet.

Computer Systems 

FIG. 1 illustrates a client 104 in communication with a plurality of related
servers 111 across a computer network 108 in accordance with an embodiment of
the present invention. In the embodiment illustrated in FIG. 1, user 102 accesses
browser 106 on client 104 to communicate with a web site that is hosted by
related servers 111.

Client 104 can include any node on a network including computational 
capability, and including a mechanism for communicating across network 108. 

Browser 106 can include any type of web browser capable of viewing a
web site, such as the INTERNET EXPLORER™ browser distributed by the
Microsoft Corporation of Redmond, Washington.

Network 108 can include any type of wire or wireless communication 
channel capable of coupling together computing nodes. This includes, but is not 
limited to, a local area network, a wide area network, or a combination of 
networks. In one embodiment of the present invention, network 108 includes the 
Internet. 

Client 104 communicates with related servers 111 through redirector
and/or router 110. Redirector and/or router 110 can include any type of
mechanism that redirects communications from client 104 between related servers
111. This redirection can take place for a number of reasons, including for load
balancing and/or fault tolerance purposes. In one embodiment of the present
invention, redirector and/or router 110 is part of a high availability (HA)
framework for the SOLARIS™ operating system. The Solaris operating system is
distributed by SUN Microsystems, Inc. of Palo Alto, California. In another
embodiment of the present invention, redirector and/or router 110 is part of a load
balancing system for related servers 111. In yet another embodiment, redirector
and/or router 110 is part of one or more network routers.

In one embodiment of the present invention, related servers 111
communicate with database 124 in order to store information relating to
established communication sessions (such as SSL connections) on related servers
111. This allows related servers 111 to share information on communication
sessions, which enables related servers 111 to share communication sessions. In
one embodiment of the present invention, communications with database 124
adhere to the lightweight directory access protocol (LDAP), or alternatively a
native protocol, such as the NET8™ protocol developed by the Oracle
Corporation of Redwood Shores, California.

Related servers 111 can include any nodes on a computer network
including a mechanism for servicing requests from a client for computational
and/or data storage resources. In the embodiment illustrated in FIG. 1, related
servers 111 cooperate with each other in order to provide electronic commerce
services for client 104. To this end related servers 111 include: credit card server
112, which handles payments using credit card numbers; advertisement server
114, which handles computational activity related to providing advertising space
on an electronic commerce web site; access control server 122, which handles
security for related servers 111; login authentication servers 116-118, which
handle the process of authenticating entities that communicate with related servers
111; and main web servers 128, which perform most of the web hosting functions
and handle most of the web-related traffic from client computer systems. Note
that all of the above-listed servers can be replicated for load balancing and/or
fault-tolerance purposes. Also note that different parts of web pages can be stored
on different servers.

During operation, the system illustrated in FIG. 1 operates generally as
follows. Client 104 establishes a communication session (such as SSL session
130) with a login authentication server (such as login authentication server 116).
Establishing this communication session involves a number of communications
between client 104 and login authentication server 116 in order to authenticate
client 104, and to set up a secure communication channel between client 104 and
server 116. Login authentication server 116 makes state information 200
associated with SSL session 130 available to other servers in related servers 111
either by publishing the state information 200 in database 124, or by providing
state information 200 to other servers when it is requested. This allows other
servers within related servers 111 to use existing SSL session 130 without having
to go through the time-consuming process of setting up a new communication
session and all of the related public key cryptography.

Note that although the present invention is presented in the context of an
SSL session 130 and a group of related servers 111 that provide a web site to
client 104, the present invention is not limited to this context. In general, the
present invention can be applied to any system in which a group of related
computers are able to share information relating to an established communication
session with another computer where the initial setup is extremely expensive.
Communication Session State Information

FIG. 2 illustrates the structure of state information 200 for a
communication session in accordance with an embodiment of the present
invention. Note that FIG. 2 illustrates some of the state information that is kept as
part of an SSL session, such as SSL session 130 illustrated in FIG. 1. During
initialization of the communication session, client 104 and server 116 agree on a
session ID 202, which uniquely identifies the communication session. Note that
the SSL protocol allows for resuming of the existing SSL session between client
104 and server 116 by including support for client 104 to send session ID 202 to
server 116. One embodiment of the present invention uses this feature to send
the session ID 202 to other "trusted" servers. (The notion of trust is
implementation-specific but can include servers in the same domain, for
example.)

As part of the SSL protocol, client 104 and server 116 also agree on a
master secret 204, which contains various items including a read key 206 for
encrypting communications from client 104 to server 116, and a write key 208 for
encrypting communications in the other direction, from server 116 to client 104.
It also contains a message digest key 210, which is used to encrypt the running
message digest 212.

Running message digest 212 is also part of state information 200.
Running message digest 212 contains a cumulative message digest for
communications across SSL session 130. Note that running message digest 212
continually changes as messages are sent through SSL session 130. Hence, the
current version of running message digest 212 must be available to any server that
wants to share the communication session.
Operation of Client

FIG. 3 is a flow chart illustrating how a client 104 communicates with a
server 118 in accordance with an embodiment of the present invention. Client
104 first decides to send a message to a server with which client 104 has no active
communication session (such as server 118) (step 302). Next, client 104
determines if the address of server 118 is related to the address of another server
with which client 104 has an active communication session (step 304). For
example, in FIG. 1 client 104 may determine that the address of server 118
indicates that it is related to server 116, which has an active communication
session 130 with client 104. Note that the addresses of servers 116 and 118 may
be related in a number of ways: they may share the same domain name service
(DNS) host name, they may have similar Internet Protocol (IP) addresses, or they
may have the same IP address, but different port numbers.

If client 104 determines the address of server 118 is not related to the
address of a server that has an active communication session with client 104,
client 104 starts a fresh connection with server 118 in order to establish an active
communication session with server 118 (step 312).

If client 104 determines that the address is related to the address of a
server that has an active communication session with client 104, client 104 sends
a message including session ID 202 to server 118 (step 306). Next, client 104
receives an acceptance or a rejection of session ID 202 from server 118 (step 308).
If client 104 receives a rejection, client 104 communicates with server 118 in
order to establish a new communication session with server 118 (step 312). If
client 104 receives an acceptance, then server 118 was able to establish a
communication session with client 104 using information from a related server.
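
The client-side steps 302-312 just described, as an added example that is not part of the patent: a Python model of the address-relatedness test and the offer/accept/reject flow. The "same /24" rule for "similar IP addresses", the random session ID standing in for a real handshake, and the `server_accepts` callable that models server 118's reply are assumptions made here.

```python
"""Client-side decision from FIG. 3 (steps 302-312): decide whether a server
the client has no session with is "related" to one it does, and, if so, offer
that session ID before falling back to a fresh handshake."""
import secrets
from ipaddress import ip_address, ip_network
from typing import Callable, Dict, Optional, Tuple

Address = Tuple[str, int]          # (host name or IP literal, port)
SessionCache = Dict[Address, str]  # active sessions: server address -> session ID


def related(a: Address, b: Address) -> bool:
    """Step 304: are two server addresses related in one of the ways the
    description lists? Same DNS host name, or same IP with a different port,
    both count. "Similar IP addresses" is not pinned down in the text; the
    assumption here is that two literals in the same /24 qualify."""
    host_a, host_b = a[0], b[0]
    if host_a == host_b:
        return True                          # same host name, or same IP/other port
    try:
        ip_a, ip_b = ip_address(host_a), ip_address(host_b)
    except ValueError:
        return False                         # at least one is a differing host name
    return ip_a in ip_network(f"{ip_b}/24", strict=False)   # assumption: same /24


def session_id_to_offer(cache: SessionCache, target: Address) -> Optional[str]:
    """Return the session ID of an active session on a related server, or None
    when the client must start from scratch (step 312)."""
    for addr, sid in cache.items():
        if related(addr, target):
            return sid
    return None


def fresh_handshake(target: Address) -> str:
    """Stand-in for a full SSL handshake; a real one yields the session ID the
    server chose. A random ID is used here so the example runs offline."""
    return secrets.token_hex(16)


def connect(cache: SessionCache, target: Address,
            server_accepts: Callable[[str], bool]) -> str:
    """Steps 302-312. `server_accepts` models server 118's reply in step 308:
    True means it built the session from a related server's state."""
    sid = session_id_to_offer(cache, target)             # step 304
    if sid is not None and server_accepts(sid):          # steps 306-308
        cache[target] = sid                              # shared session now active
        return "resumed"
    cache[target] = fresh_handshake(target)              # step 312
    return "new"
```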
Initializing and Maintaining a Communication Session

FIG. 4 is a flow chart illustrating how a server 116 sets up and maintains a
new communication session with a client 104 in accordance with an
embodiment of the present invention. First, server 116 communicates with client
104 to set up the new communication session (for example SSL session 130 from
FIG. 1) (step 402). Next, in one embodiment of the present invention, server 116
publishes state information 200 for SSL session 130 to a location outside of server
116 so that it is available to related servers that may want to share SSL session
130 (step 404). For example, server 116 may publish state information 200 for
SSL session 130 to database 124. In an alternative embodiment, server 116 does
not publish state information 200, but rather waits until state information 200 is
requested by another server, and then sends state information 200 to the other
server.

During operation, server 116 maintains state information 200 (step 406).
This maintenance process includes updating running message digest 212 as
messages pass through SSL session 130. In one embodiment of the present
invention, server 116 publishes updates to running message digest 212 to database
124 so that other servers can share the updates (step 408).

Configuring Server to Use Existing Communication Session

FIG. 5 is a flow chart illustrating how a server 118 configures itself to use
an existing communication session from another server in accordance with an
embodiment of the present invention. Server 118 first receives a message from
client 104 that contains session ID 202 (step 502). Server 118 next performs a
lookup on session ID 202 to determine if the associated communication session
(for example SSL session 130 from FIG. 1) is configured on server 118 (step
504). If so, the configuration process is complete aside from perhaps notifying
client 104 that session ID 202 is valid.

If the associated communication session is not configured on server 118,
the system attempts to retrieve state information 200 for the communication
session (step 506). In one embodiment of the present invention, server 118
queries database 124 in order to retrieve state information 200. In another
embodiment, server 118 queries another related server, such as server 116, to
obtain state information 200. Server 118 can determine which server to query in a
number of different ways, including through examining session ID 202 for an
embedded server identifier, or by performing a lookup in database 124.

If server 118 is not able to retrieve state information 200, it must
communicate with client 104 to establish a new communication session (step
514).

If server 118 is able to retrieve state information 200, it uses state
information 200 to establish a communication session with client 104 (step 510).

Forwarding State Information 

FIG. 6 is a flow chart illustrating how a server or other repository forwards
communication session state information 200 to a requesting server in accordance
with an embodiment of the present invention. In one embodiment of the present
invention, the forwarding process illustrated in FIG. 6 applies to a database 124
that maintains communication session state information for active communication
sessions held by related servers 111. In another embodiment, the forwarding
process applies to a server 116 that forwards communication session state
information to a requesting server 118.

The system starts by receiving a request for state information 200 from a
requesting server 118 (step 602). The system then verifies that the requesting
server 118 is authorized to receive session state information 200 (step 604). This
authorization can be performed through a number of mechanisms, including
through a digital certificate, or by verifying that the other server 118 belongs to
the same trusted domain.

If the other server 118 is not authorized, the system does not send state
information 200 to requesting server 118.

If the other server 118 is authorized, the system retrieves session state
information 200 from local storage (step 608), and sends session state information
200 to the other server 118 (step 610).

The system then purges state information 200 from its local storage so that
another server does not request and receive the same state information 200 (step
612).
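
As an added example (not the patent's own code), a Python model of the server and repository side described in FIGS. 4 to 6: publishing state information 200, lookup by session ID, retrieval with an authorization check, checkpointing the running digest, and purge on hand-over. The HMAC-SHA256 running digest, the domain-suffix authorization check and the random keys are assumptions standing in for SSL internals and policy the text leaves unspecified.

```python
"""Model of the FIG. 4-6 server-side flow: a server publishes session state to
a repository, a related server retrieves it by session ID after an
authorization check, and the repository purges the state on hand-over."""
import dataclasses
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, Optional


@dataclass
class SessionState:
    """State information 200 (FIG. 2): session ID, keys from the master secret,
    and the running message digest, which changes with every message."""
    session_id: str
    read_key: bytes
    write_key: bytes
    digest_key: bytes
    running_digest: bytes = b""

    def update(self, message: bytes) -> bytes:
        # Fold the message into the cumulative digest. HMAC-SHA256 keyed with
        # the digest key is an assumption standing in for SSL's MAC construction.
        self.running_digest = hmac.new(
            self.digest_key, self.running_digest + message, hashlib.sha256
        ).digest()
        return self.running_digest


class Repository:
    """Database 124, or a server acting as the forwarder of FIG. 6."""

    def __init__(self, trusted_domain: str):
        self.trusted_domain = trusted_domain          # assumption: trust = same domain
        self.store: Dict[str, SessionState] = {}

    def publish(self, state: SessionState) -> None:
        # Steps 404/408: store a snapshot, not the server's live object.
        self.store[state.session_id] = dataclasses.replace(state)

    def request(self, session_id: str, requester: str) -> Optional[SessionState]:
        # Step 604: only servers in the trusted domain may receive state.
        if not requester.endswith("." + self.trusted_domain):
            return None                               # step 606: refuse
        # Steps 608-612: retrieve and purge, so no second server gets it.
        return self.store.pop(session_id, None)


class Server:
    def __init__(self, name: str, repo: Repository):
        self.name = name
        self.repo = repo
        self.sessions: Dict[str, SessionState] = {}

    def new_session(self) -> SessionState:
        # Step 402: stand-in for the full handshake; keys are random here.
        state = SessionState(
            session_id=secrets.token_hex(16),
            read_key=secrets.token_bytes(16),
            write_key=secrets.token_bytes(16),
            digest_key=secrets.token_bytes(32),
        )
        self.sessions[state.session_id] = state
        self.repo.publish(state)                      # step 404
        return state

    def receive(self, session_id: str, message: bytes) -> str:
        """FIG. 5: handle a message carrying a session ID; the return value is
        the acceptance or rejection the client sees in step 308."""
        state = self.sessions.get(session_id)                 # step 504
        if state is None:
            state = self.repo.request(session_id, self.name)  # step 506
            if state is None:
                return "reject"                       # step 514: new handshake needed
            self.sessions[session_id] = state         # step 510
        state.update(message)                         # step 406: maintain the digest
        self.repo.publish(state)                      # step 408: checkpoint it
        return "accept"
```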

The foregoing descriptions of embodiments of the invention have been
presented for purposes of illustration and description only. They are not intended
to be exhaustive or to limit the invention to the forms disclosed. Accordingly,
many modifications and variations will be apparent to practitioners skilled in the
art.

Note that although the present invention is often described in terms of
secure communication protocols, such as SSL, the present invention is not meant
to be limited to secure communication protocols, such as SSL. The present
invention also applies to other secure communication protocols such as the
transport layer security (TLS) protocol, and generally applies to all
communication sessions (secure or non-secure) that require state information to be
maintained at a server.

Additionally, the above disclosure is not intended to limit the present
invention. The scope of the present invention is defined by the appended claims.
What Is Claimed Is:



1. A method for sharing a secure communication session with a client
between a plurality of servers, comprising:
receiving a message from the client at a first server in the plurality of
servers, the message including a session identifier that identifies a secure
communication session with the client; and
if the session identifier does not correspond to an active secure
communication session on the first server, establishing an active secure
communication session with the client on the first server by,
attempting to retrieve state information associated with the
session identifier for an active secure communication session
between the client and a second server from the plurality of
servers,
if the state information for the active secure communication
session is retrieved, using the state information to establish the
active secure communication session with the client without
having to communicate with the client, and
if the state information for the active secure communication
session is not retrieved, communicating with the client to establish
the active secure communication session with the client.

2. The method of claim 1, wherein attempting to retrieve the state
information includes:
attempting to use the session identifier to identify the second server in the
plurality of servers that has an active secure communication session with the
client that corresponds to the session identifier; and
attempting to retrieve the state information from the second server.



3. The method of claim 1, wherein attempting to retrieve the state
information involves attempting to retrieve the state information from a
centralized repository that is in communication with the plurality of servers.

4. The method of claim 3, wherein the centralized repository includes
a database for storing the state information.

5. The method of claim 1, wherein establishing the active secure
communication session involves establishing a secure sockets layer (SSL)
connection with the client.

6. The method of claim 1, wherein the state information includes:
a session encryption key for the secure communication session;
the session identifier for the secure communication session; and
a running message digest for the secure communication session.

7. The method of claim 6, further comprising:
using the message to update the running message digest; and
checkpointing the updated running message digest to a location outside of
the first server.

8. The method of claim 1, further comprising, if the state information
for the active secure communication session is retrieved, purging the state
information from a location from which the state information was retrieved, so




that the state information cannot be subsequently retrieved by another server in the
plurality of servers.

9. The method of claim 1, further comprising initially establishing an
active secure communication session between the client and the second server, the
active secure communication session being identified by the session identifier.

10. The method of claim 1, wherein attempting to retrieve the state
information includes authenticating and authorizing the first server.

11. A method for sharing a secure communication session between a
plurality of servers, comprising:
sending a message from a client to a first server in the plurality of servers,
the first server having no active secure communication session with the client, the
message including a session identifier;
receiving a response to the message from the first server; and
if the response indicates that no active secure communication session has
been created with the client on the first server, communicating with the first server
to establish an active secure communication session.

12. The method of claim 11, wherein the client sends the message to
the first server only if an active secure communication session is held by a second
server in the plurality of servers, wherein the second server has an address that is
related to the address of the first server.

13. A computer-readable storage medium storing instructions that
when executed by a computer cause the computer to perform a method for sharing
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3 a secure communication session with a client between a plurality of servers, the 

4 method comprising: 

5 receiving a message from the client at a first server in the plurality of 

6 servers, the message including a session identifier that identifies a secure 

7 communication session with the client; and 

8 if the session identifier does not correspond to an active secure 

9 communication session on the first server, establishing an active secure 

1 0 communication session with the client on the first server by, 

1 1 attempting to retrieve state information associated with the 

12 session identifier for an active secure communication session 

1 3 between the client and a second server from the plurality of 

14 servers, 

1 5 if the state information for the active secure communication 

16 session is retrieved, using the state information to establish the 

1 7 active secure communication session with the client without 

1 8 having to communicate with the client, and 

19 if the state information for the active secure communication 

20 session is not retrieved, communicating with the client to establish 

21 the active secure communication session with the client. 

1 14. The computer-readable storage medium of claim 13, wherein 

2 attempting to retrieve the state information includes; 

3 attempting to use the session identifier to identify the second server in the 

4 plurality of servers that has an active secure communication session with the 

5 client that corresponds to the session identifier; and 

6 attempting to retrieve the state information from the second server. 
15. The computer-readable storage medium of claim 13, wherein attempting to retrieve the state information involves attempting to retrieve the state information from a centralized repository that is in communication with the plurality of servers.

16. The computer-readable storage medium of claim 15, wherein the centralized repository includes a database for storing the state information.

17. The computer-readable storage medium of claim 13, wherein establishing the active secure communication session involves establishing a secure sockets layer (SSL) connection with the client.

18. The computer-readable storage medium of claim 13, wherein the state information includes:
    a session encryption key for the secure communication session;
    the session identifier for the secure communication session; and
    a running message digest for the secure communication session.

19. The computer-readable storage medium of claim 18, wherein the method further comprises:
    using the message to update the running message digest; and
    checkpointing the updated running message digest to a location outside of the first server.

20. The computer-readable storage medium of claim 13, wherein the method further comprises, if the state information for the active secure communication session is retrieved, purging the state information from a location from which the state information was retrieved, so that the state information cannot be subsequently retrieved by another server in the plurality of servers.

21. The computer-readable storage medium of claim 13, wherein the method further comprises initially establishing an active secure communication session between the client and the second server, the active secure communication session being identified by the session identifier.

22. The computer-readable storage medium of claim 13, wherein attempting to retrieve the state information includes authenticating and authorizing the first server.



23. A computer-readable storage medium storing instructions that when executed by a computer cause the computer to perform a method for sharing a secure communication session between a plurality of servers, comprising:
    sending a message from a client to a first server in the plurality of servers, the first server having no active secure communication session with the client, the message including a session identifier;
    receiving a response to the message from the first server; and
    if the response indicates that no active secure communication session has been created with the client on the first server, communicating with the first server to establish an active secure communication session.

24. The computer-readable storage medium of claim 23, wherein the client sends the message to the first server only if an active secure communication session is held by a second server in the plurality of servers, wherein the second server has an address that is related to the address of the first server.
25. An apparatus that shares a secure communication session with a client between a plurality of servers, comprising:
    a receiving mechanism, at a first server in the plurality of servers, that receives a message from the client, the message including a session identifier that identifies a secure communication session with the client;
    an examination mechanism that examines the session identifier; and
    a session initialization mechanism, on the first server, wherein if the session identifier does not correspond to an active secure communication session on the first server, the session initialization mechanism is configured to establish an active secure communication session with the client by,
        attempting to retrieve state information associated with the session identifier for an active secure communication session between the client and a second server from the plurality of servers,
        if the state information for the active secure communication session is retrieved, using the state information to establish the active secure communication session with the client without having to communicate with the client, and
        if the state information for the active secure communication session is not retrieved, communicating with the client to establish the active secure communication session with the client.

26. The apparatus of claim 25, wherein the session initialization mechanism is configured to attempt to retrieve the state information by:
    attempting to use the session identifier to identify the second server in the plurality of servers that has an active secure communication session with the client that corresponds to the session identifier; and
    attempting to retrieve the state information from the second server.

27. The apparatus of claim 25, wherein the session initialization mechanism is configured to attempt to retrieve the state information by attempting to retrieve the state information from a centralized repository that is in communication with the plurality of servers.

28. The apparatus of claim 27, wherein the centralized repository includes a database for storing the state information.

29. The apparatus of claim 25, wherein the active secure communication session includes a secure sockets layer (SSL) connection with the client.

30. The apparatus of claim 25, wherein the state information includes:
    a session encryption key for the secure communication session;
    the session identifier for the secure communication session; and
    a running message digest for the secure communication session.

31. The apparatus of claim 30, further comprising an updating mechanism that is configured to:
    use the message to update the running message digest; and to
    checkpoint the updated running message digest to a location outside of the first server.

32. The apparatus of claim 25, further comprising a purging mechanism that is configured to purge the state information from a location from which the state information was retrieved, so that the state information cannot be subsequently retrieved by another server in the plurality of servers.

33. The apparatus of claim 25, wherein the session initialization mechanism is configured to authenticate and authorize the first server prior to receiving the state information.

34. An apparatus that facilitates sharing a secure communication session between a plurality of servers, comprising:
    a sending mechanism that sends a message from a client to a first server in the plurality of servers, the first server having no active secure communication session with the client, the message including a session identifier;
    a receiving mechanism that receives a response to the message from the first server; and
    a session initialization mechanism that communicates with the first server to establish an active secure communication session with the first server if the response indicates that no active secure communication session has been created with the client on the first server.

35. The apparatus of claim 34, wherein the sending mechanism sends the message to the first server only if an active secure communication session is held by a second server in the plurality of servers, wherein the second server has an address that is related to the address of the first server.
METHOD AND APPARATUS FOR SHARING A 
SECURE CLIENT CONNECTION BETWEEN 
MULTIPLE SERVERS 



ABSTRACT 

One embodiment of the present invention provides a system for sharing a 
secure communication session with a client between a plurality of servers. The 
system operates by receiving a message from the client at a first server. This 
message includes a session identifier, which identifies a secure communication 
session with the client. If the session identifier does not correspond to an active 
secure communication session on the first server, the first server establishes an 
active secure communication session with the client by attempting to retrieve 
security state information from a second server, which had an active secure 
communication session with the client. If the first server is able to retrieve this 
security state information, the first server uses this state information to establish 
the active secure communication session with the client without having to 
communicate with the client. If the first server is not able to retrieve this state 
information, the first server communicates with the client to establish the secure 
communication session with the client. 
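The flow summarized in the abstract (session identifier lookup, retrieval of checkpointed state from a centralized repository, resumption without a client round trip, fallback to a full handshake, purge-on-retrieval and server authorization as in claims 8, 10 and 15) can be exercised with the following simulation. It is an added example, not code from the application or from Oracle; the class and function names (SessionRepository, Server, SessionState, demo), the SHA-256 digest chaining, the authorized-server list and the sample client messages are all constructed for illustration and are not specified by the page.

```python
"""Added example (not the patent's code): simulation of the claimed flow.

Assumed names: SessionRepository, Server, SessionState, demo(). The running
message digest is modelled as a SHA-256 chain; the page does not fix a hash.
"""
import hashlib
import os
from dataclasses import dataclass, replace


@dataclass
class SessionState:
    """State a server needs to resume a session (claims 6, 18, 30)."""
    session_id: bytes
    session_key: bytes      # session encryption key
    running_digest: bytes   # running message digest, chained per message


class SessionRepository:
    """Centralized repository shared by all servers (claims 3, 15, 27).

    Only servers on the authorized list may read or write (claims 10, 22, 33),
    and every retrieval purges the entry so that no other server can fetch
    the same checkpoint (claims 8, 20, 32).
    """

    def __init__(self, authorized_servers):
        self._store = {}
        self._authorized = set(authorized_servers)
        self.audit = []  # (event, server, session_id) tuples for detection

    def _check(self, server_name, session_id):
        if server_name in self._authorized:
            return True
        self.audit.append(("denied", server_name, session_id))
        return False

    def checkpoint(self, server_name, state):
        if not self._check(server_name, state.session_id):
            return False
        self._store[state.session_id] = replace(state)  # copy held outside the server
        self.audit.append(("checkpoint", server_name, state.session_id))
        return True

    def retrieve_and_purge(self, server_name, session_id):
        if not self._check(server_name, session_id):
            return None
        state = self._store.pop(session_id, None)  # pop == retrieve + purge
        self.audit.append(("retrieve" if state else "miss", server_name, session_id))
        return state


class Server:
    """One node in the plurality of servers."""

    def __init__(self, name, repo):
        self.name = name
        self.repo = repo
        self.sessions = {}   # active local sessions keyed by session id
        self.handshakes = 0  # full client handshakes this server had to run

    def handshake(self, session_id):
        """Full negotiation with the client (simulated): fresh key, empty digest."""
        self.handshakes += 1
        state = SessionState(session_id, os.urandom(32), b"")
        self.sessions[session_id] = state
        return state

    def handle_message(self, session_id, payload):
        """Return how the session was obtained: 'local', 'resumed' or 'handshake'."""
        if session_id in self.sessions:
            outcome = "local"
        else:
            state = self.repo.retrieve_and_purge(self.name, session_id)
            if state is None:
                self.handshake(session_id)
                outcome = "handshake"
            else:
                self.sessions[session_id] = state  # no client round trip needed
                outcome = "resumed"
        state = self.sessions[session_id]
        # Claims 7, 19, 31: fold the message into the running digest, then
        # checkpoint the updated state outside this server for the next one.
        state.running_digest = hashlib.sha256(state.running_digest + payload).digest()
        self.repo.checkpoint(self.name, state)
        return outcome


MESSAGES = [b"GET /1", b"GET /2", b"GET /3", b"GET /4"]  # constructed client messages


def expected_digest(messages):
    """Reference value of the chained digest after handling `messages` in order."""
    digest = b""
    for payload in messages:
        digest = hashlib.sha256(digest + payload).digest()
    return digest


def demo():
    """Walk one session across three authorized servers and one unauthorized node."""
    repo = SessionRepository(authorized_servers=["srv-a", "srv-b", "srv-c"])
    a, b, c = (Server(n, repo) for n in ("srv-a", "srv-b", "srv-c"))
    sid = b"sess-0001"
    outcomes = [a.handle_message(sid, MESSAGES[0]),   # nothing checkpointed yet
                b.handle_message(sid, MESSAGES[1]),   # picks up a's checkpoint
                b.handle_message(sid, MESSAGES[2])]   # already active on b
    denied = repo.retrieve_and_purge("srv-x", sid) is None  # unauthorized node
    outcomes.append(c.handle_message(sid, MESSAGES[3]))  # still resumable after denial
    return {
        "outcomes": outcomes,
        "denied": denied,
        "same_key": a.sessions[sid].session_key == c.sessions[sid].session_key,
        "digest_matches": c.sessions[sid].running_digest == expected_digest(MESSAGES),
        "handshakes": a.handshakes + b.handshakes + c.handshakes,
        "audit": repo.audit,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Two points worth noticing when running it. Purging on retrieval (the `pop`) only stops a third server from fetching the same checkpoint; the server that wrote it still holds its own local copy, so a deployment that follows this design also needs the originating server to drop or refresh that copy, otherwise two nodes can each believe they own the session. The repository's `audit` list is the natural place to alert on: a `denied` event, or a `miss` for a session identifier that another authorized server recently checkpointed, is the kind of signal a detection rule for this component would key on.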